The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Nominet maintain the .uk internet name space and is a not-for-profit company with 3,000 members, managing about 8 million domain names. Nominet work with the UK government, liaise with ICANN and other domain name registry organisations. They are supporting the UK's input to the worldwide Internet Governance Forum (IGF), which is a forum mandated by the UN Secretary General to discuss policy issues, critical resources, imposition of internet governance, to promote availability throughout the world and to facilitate exchange of information and best practices. Nominet, the UK government, key parliamentarians and other organisations formed the UK Internet Governance Forum.

For the last 3 years, Nominet has organised the Best Practice Challenge to recognise organisations, groups and individuals who have embraced the challenge of making the Internet a secure, open, accessible and diverse experience for all. The four IGF themes of security, access, diversity and openness were reflected in the six award categories:

Best development project award

Best security initiative award

Raising industry standards award

Personal safety online award

Internet for all award

Open Internet award

In 2008, OWASP was shortlisted for the same award. The judges, chaired by the Rt Hon Alun Michael MP, praised OWASP's democratic and international structure and the way it helped to raise awareness, but that it would be good to see how we progressed. OWASP London discussed the idea again in early 2009 and decided to enter for the 2009 round. We thought it would raise further awareness about OWASP since winners are promoted as examples of best practice on the Internet, to industry, government and academia in the UK. Most importantly though, the winners are showcased at the next IGF meeting, in Egypt in November, to a worldwide audience. That visibility is what we were hoping for.

Our entry was proposed the whole of OWASP for the award, although we did try to highlight contributions to OWASP, its projects and other activities by UK participants, and the presence of two other chapters in the UK - Leeds and Scotland. We especially mention the great work done by everyone in the Summer of Code 08, improved project management, the new tools and guides recently published, the availability of at-cost books and translations, the summit in Portugal and the work of the new committees. We also highlighted some of the outreach work to government organisations. The people who helped put the entry together were Justin Clarke, Colin Watson, Yiannis Pavlosoglou, Kate Hartman, Paulo Coimbra, Dinis Cruz and Wayne Huang. Dinis suggested we send some books as well - so we printed some from Lulu and sent them separately with the suggestion of passing the viral books "on to your own web application developers or a local university, college or school" after the awards. Justin Clarke, London Chapter Leader, submitted our entry at the end of March.

In June we heard that we had been shortlisted and were invited to the awards dinner at the early 17th century Banqueting House in Whitehall, London. Short-listed entries in all categories showed some innovative work being undertaken across the UK in security, access, diversity and openness. OWASP did not win - the Yorkshire Business Crime Reduction Centre (BCRC) won the Best Security Initiative Award. The BCRC is supported by South Yorkshire Police and the Regional Development Agency, and undertakes e-commerce and physical security assessments for small and medium-sized enterprises (SMEs) in the area. Their recent E-Crime Guide is a very useful introduction to the issues.

Congratulations to all the winners. The entry has, at least, raised OWASP's profile with decision-makers in the UK.